def _name_get(self, url):
""" get challenge """
self.logger.debug('Challenge.get_name({0})'.format(url))
url_dic = parse_url(self.logger, url)
challenge_name = url_dic['path'].replace(self.path_dic['chall_path'], '')
if '/' in challenge_name:
(challenge_name, _sinin) = challenge_name.split('/', 1)
return challenge_name
def _config_load(self):
"""" load config from file """
self.logger.debug('CAhandler._config_load()')
config_dic = load_config()
if 'CAhandler' in config_dic:
if 'acme_keyfile' in config_dic['CAhandler']:
self.keyfile = config_dic['CAhandler']['acme_keyfile']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "acme_keyfile" parameter is missing in config file'
)
if 'acme_url' in config_dic['CAhandler']:
self.url = config_dic['CAhandler']['acme_url']
self.url_dic = parse_url(self.logger, self.url)
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "acme_url" parameter is missing in config file'
)
if 'acme_account' in config_dic['CAhandler']:
self.account = config_dic['CAhandler']['acme_account']
if 'account_path' in config_dic['CAhandler']:
self.path_dic['acct_path'] = config_dic['CAhandler'][
'account_path']
if 'directory_path' in config_dic['CAhandler']:
self.path_dic['directory_path'] = config_dic['CAhandler'][
'directory_path']
if 'acme_account_keysize' in config_dic['CAhandler']:
self.key_size = config_dic['CAhandler']['acme_account_keysize']
if 'acme_account_email' in config_dic['CAhandler']:
self.email = config_dic['CAhandler']['acme_account_email']
if 'allowed_domainlist' in config_dic['CAhandler']:
try:
self.allowed_domainlist = json.loads(
config_dic['CAhandler']['allowed_domainlist'])
except Exception as err:
self.logger.error(
'CAhandler._config_load(): failed to parse allowed_domainlist: {0}'
.format(err))
if 'eab_kid' in config_dic['CAhandler']:
self.eab_kid = config_dic['CAhandler']['eab_kid']
if 'eab_hmac_key' in config_dic['CAhandler']:
self.eab_hmac_key = config_dic['CAhandler']['eab_hmac_key']
self.logger.debug('CAhandler._config_load() ended')
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "CAhandler" section is missing in config file'
)
def _name_get(self, url):
""" get ordername """
self.logger.debug('Order._name_get({0})'.format(url))
url_dic = parse_url(self.logger, url)
order_name = url_dic['path'].replace(self.path_dic['order_path'], '')
if '/' in order_name:
(order_name, _sinin) = order_name.split('/', 1)
self.logger.debug('Order._name_get() ended')
return order_name
def _config_load(self):
"""" load config from file """
# pylint: disable=R0912, R0915
self.logger.debug('CAhandler._config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'CAhandler' in config_dic:
if 'est_host_variable' in config_dic['CAhandler']:
try:
self.est_host = os.environ[config_dic['CAhandler'][
'est_host_variable']] + '/.well-known/est'
except Exception as err:
self.logger.error(
'CAhandler._config_load() could not load est_host_variable:{0}'
.format(err))
if 'est_host' in config_dic['CAhandler']:
if self.est_host:
self.logger.info(
'CAhandler._config_load() overwrite est_host')
self.est_host = config_dic['CAhandler'][
'est_host'] + '/.well-known/est'
if not self.est_host:
self.logger.error(
'CAhandler._config_load(): missing "est_host" parameter')
# check if we need to use clientauth
if 'est_client_cert' in config_dic[
'CAhandler'] and 'est_client_key' in config_dic[
'CAhandler']:
self.est_client_cert = []
self.est_client_cert.append(
config_dic['CAhandler']['est_client_cert'])
self.est_client_cert.append(
config_dic['CAhandler']['est_client_key'])
elif 'est_client_cert' in config_dic[
'CAhandler'] or 'est_client_key' in config_dic['CAhandler']:
self.logger.error(
'CAhandler._config_load() configuration incomplete: either "est_client_cert or "est_client_key" parameter is missing in config file'
)
# check if we need to use user-auth
if 'est_user_variable' in config_dic['CAhandler']:
try:
self.est_user = os.environ[config_dic['CAhandler']
['est_user_variable']]
except Exception as err:
self.logger.error(
'CAhandler._config_load() could not load est_user_variable:{0}'
.format(err))
if 'est_user' in config_dic['CAhandler']:
if self.est_user:
self.logger.info(
'CAhandler._config_load() overwrite est_user')
self.est_user = config_dic['CAhandler']['est_user']
if 'est_password_variable' in config_dic['CAhandler']:
try:
self.est_password = os.environ[config_dic['CAhandler']
['est_password_variable']]
except Exception as err:
self.logger.error(
'CAhandler._config_load() could not load est_password:{0}'
.format(err))
if 'est_password' in config_dic['CAhandler']:
if self.est_password:
self.logger.info(
'CAhandler._config_load() overwrite est_password')
self.est_password = config_dic['CAhandler']['est_password']
if (self.est_user
and not self.est_password) or (self.est_password
and not self.est_user):
self.logger.error(
'CAhandler._config_load() configuration incomplete: either "est_user" or "est_password" parameter is missing in config file'
)
# check if we have one authentication scheme
if not self.est_client_cert and not self.est_user:
self.logger.error(
'CAhandler._config_load() configuration incomplete: either user or client authentication must be configured'
)
elif self.est_client_cert and self.est_user:
self.logger.error(
'CAhandler._config_load() configuration wrong: user and client authentication cannot be configured together'
)
# check if we get a ca bundle for verification
if 'ca_bundle' in config_dic['CAhandler']:
try:
self.ca_bundle = config_dic.getboolean(
'CAhandler', 'ca_bundle')
except Exception:
self.ca_bundle = config_dic['CAhandler']['ca_bundle']
if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
'DEFAULT']:
try:
proxy_list = json.loads(
config_dic['DEFAULT']['proxy_server_list'])
url_dic = parse_url(self.logger, self.est_host)
if 'host' in url_dic:
(fqdn, _port) = url_dic['host'].split(':')
proxy_server = proxy_check(self.logger, fqdn, proxy_list)
self.proxy = {'http': proxy_server, 'https': proxy_server}
except Exception as err_:
self.logger.warning(
'Challenge._config_load() proxy_server_list failed with error: {0}'
.format(err_))
self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
"""" load config from file """
self.logger.debug('CAhandler._config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'CAhandler' in config_dic:
if 'api_host' in config_dic['CAhandler']:
self.api_host = config_dic['CAhandler']['api_host']
if 'api_user_variable' in config_dic['CAhandler']:
try:
self.credential_dic['api_user'] = os.environ[
config_dic['CAhandler']['api_user_variable']]
except BaseException as err:
self.logger.error(
'CAhandler._config_load() could not load user_variable:{0}'
.format(err))
if 'api_user' in config_dic['CAhandler']:
if self.credential_dic['api_user']:
self.logger.info(
'CAhandler._config_load() overwrite api_user')
self.credential_dic['api_user'] = config_dic['CAhandler'][
'api_user']
if 'api_password_variable' in config_dic['CAhandler']:
try:
self.credential_dic['api_password'] = os.environ[
config_dic['CAhandler']['api_password_variable']]
except BaseException as err:
self.logger.error(
'CAhandler._config_load() could not load password_variable:{0}'
.format(err))
if 'api_password' in config_dic['CAhandler']:
if self.credential_dic['api_password']:
self.logger.info(
'CAhandler._config_load() overwrite api_password')
self.credential_dic['api_password'] = config_dic['CAhandler'][
'api_password']
if 'ca_name' in config_dic['CAhandler']:
self.ca_name = config_dic['CAhandler']['ca_name']
if 'tsg_name' in config_dic['CAhandler']:
self.tsg_info_dic['name'] = config_dic['CAhandler']['tsg_name']
if 'template_name' in config_dic['CAhandler']:
self.template_info_dic['name'] = config_dic['CAhandler'][
'template_name']
# check if we get a ca bundle for verification
if 'ca_bundle' in config_dic['CAhandler']:
try:
self.ca_bundle = config_dic.getboolean(
'CAhandler', 'ca_bundle')
except BaseException:
self.ca_bundle = config_dic['CAhandler']['ca_bundle']
if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
'DEFAULT']:
try:
proxy_list = json.loads(
config_dic['DEFAULT']['proxy_server_list'])
url_dic = parse_url(self.logger, self.api_host)
if 'host' in url_dic:
(fqdn, _port) = url_dic['host'].split(':')
proxy_server = proxy_check(self.logger, fqdn, proxy_list)
self.proxy = {'http': proxy_server, 'https': proxy_server}
except BaseException as err_:
self.logger.warning(
'Challenge._config_load() proxy_server_list failed with error: {0}'
.format(err_))
self.logger.debug('CAhandler._config_load() ended')
def _config_load(self):
"""" load config from file """
self.logger.debug('_config_load()')
config_dic = load_config(self.logger, 'CAhandler')
if 'CAhandler' in config_dic:
if 'api_host' in config_dic['CAhandler']:
self.api_host = config_dic['CAhandler']['api_host']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "api_host" parameter is missing in config file'
)
if 'api_user' in config_dic[
'CAhandler'] or 'api_user_variable' in config_dic[
'CAhandler']:
if 'api_user_variable' in config_dic['CAhandler']:
try:
self.api_user = os.environ[config_dic['CAhandler']
['api_user_variable']]
except BaseException as err:
self.logger.error(
'CAhandler._config_load() could not load user_variable:{0}'
.format(err))
if 'api_user' in config_dic['CAhandler']:
if self.api_user:
self.logger.info(
'CAhandler._config_load() overwrite api_user')
self.api_user = config_dic['CAhandler']['api_user']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "api_user" parameter is missing in config file'
)
if 'api_password' in config_dic[
'CAhandler'] or 'api_password_variable' in config_dic[
'CAhandler']:
if 'api_password_variable' in config_dic['CAhandler']:
try:
self.api_password = os.environ[
config_dic['CAhandler']['api_password_variable']]
except BaseException as err:
self.logger.error(
'CAhandler._config_load() could not load passphrase_variable:{0}'
.format(err))
if 'api_password' in config_dic['CAhandler']:
if self.api_password:
self.logger.info(
'CAhandler._config_load() overwrite api_password_variable'
)
self.api_password = config_dic['CAhandler']['api_password']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "api_password" parameter is missing in config file'
)
if 'ca_name' in config_dic['CAhandler']:
self.ca_name = config_dic['CAhandler']['ca_name']
else:
self.logger.error(
'CAhandler._config_load() configuration incomplete: "ca_name" parameter is missing in config file'
)
if 'polling_timeout' in config_dic['CAhandler']:
self.polling_timeout = int(
config_dic['CAhandler']['polling_timeout'])
# check if we get a ca bundle for verification
if 'ca_bundle' in config_dic['CAhandler']:
try:
self.ca_bundle = config_dic.getboolean(
'CAhandler', 'ca_bundle')
except BaseException:
self.ca_bundle = config_dic['CAhandler']['ca_bundle']
if 'DEFAULT' in config_dic and 'proxy_server_list' in config_dic[
'DEFAULT']:
try:
proxy_list = json.loads(
config_dic['DEFAULT']['proxy_server_list'])
url_dic = parse_url(self.logger, self.api_host)
if 'host' in url_dic:
(fqdn, _port) = url_dic['host'].split(':')
proxy_server = proxy_check(self.logger, fqdn, proxy_list)
self.proxy = {'http': proxy_server, 'https': proxy_server}
except BaseException as err_:
self.logger.warning(
'Challenge._config_load() proxy_server_list failed with error: {0}'
.format(err_))
self.logger.debug('CAhandler._config_load() ended')